Vendor CVEs

Totolink

All CVEs

1,201 total · sorted by risk
  • CVE-2023-50651 · Dec 30, 2023
    risk 0.00 · cvss · epss 0.02

    TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi.

  • CVE-2023-51136 · Dec 30, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule.

  • CVE-2023-51133 · Dec 30, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute.

  • CVE-2023-51135 · Dec 30, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup.

  • CVE-2023-51026 · Dec 22, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘hour’ parameter of the setRebootScheCfg interface of cstecgi.cgi.

  • CVE-2023-51014 · Dec 22, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanSecDns’ parameter of the setLanConfig interface of cstecgi.cgi.

  • CVE-2023-51034 · Dec 22, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface.

  • CVE-2023-51013 · Dec 22, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanNetmask’ parameter of the setLanConfig interface of cstecgi.cgi.

  • CVE-2023-51011 · Dec 22, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanPriDns’ parameter of the setLanConfig interface of cstecgi.cgi.

  • CVE-2023-51016 · Dec 22, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the setRebootScheCfg interface of cstecgi.cgi.

  • CVE-2023-51022 · Dec 22, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langFlag’ parameter of the setLanguageCfg interface of cstecgi.cgi.

  • CVE-2023-51015 · Dec 22, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘enable’ parameter of the setDmzCfg interface of cstecgi.cgi.

  • CVE-2023-51035 · Dec 22, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface.

  • CVE-2023-51018 · Dec 22, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘opmode’ parameter of the setWiFiApConfig interface of cstecgi.cgi.

  • CVE-2023-51023 · Dec 22, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘host_time’ parameter of the NTPSyncWithHost interface of cstecgi.cgi.

  • CVE-2023-51017 · Dec 22, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanIp’ parameter of the setLanConfig interface of cstecgi.cgi.

  • CVE-2023-50147 · Dec 22, 2023
    risk 0.00 · cvss · epss 0.01

    There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of cstecgi.cgi on the TOTOlink A3700R router, firmware version V9.1.2u.5822_B20200513.

  • CVE-2023-51033 · Dec 22, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface.

  • CVE-2023-51028 · Dec 22, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the apcliChannel parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi.

  • CVE-2023-51024 · Dec 22, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘tz’ parameter of the setNtpCfg interface of cstecgi.cgi.

  • CVE-2023-51012 · Dec 22, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanGateway’ parameter of the setLanConfig interface of cstecgi.cgi.

  • CVE-2023-51019 · Dec 22, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘key5g’ parameter of the setWiFiExtenderConfig interface of cstecgi.cgi.

  • CVE-2023-51021 · Dec 22, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘merge’ parameter of the setRptWizardCfg interface of cstecgi.cgi.

  • CVE-2023-51025 · Dec 22, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of cstecgi.cgi.

  • CVE-2023-51027 · Dec 22, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘apcliAuthMode’ parameter of the setWiFiExtenderConfig interface of cstecgi.cgi.

  • CVE-2023-51020 · Dec 22, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langType’ parameter of the setLanguageCfg interface of cstecgi.cgi.

  • CVE-2023-6906 · Dec 18, 2023
    risk 0.00 · cvss · epss 0.02

    A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8…

  • CVE-2023-49418 · Dec 11, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setIpPortFilterRules.

  • CVE-2023-49417 · Dec 11, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg.

  • CVE-2023-48860 · Dec 7, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, which allows attackers to bypass front-end security restrictions and execute arbitrary code.

  • CVE-2023-48859 · Dec 6, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, which allows attackers to bypass front-end security restrictions and execute arbitrary code.

  • CVE-2023-48799 · Dec 4, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 is vulnerable to Command Execution.

  • CVE-2023-48800 · Dec 4, 2023
    risk 0.00 · cvss · epss 0.02

    In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the sub_417338 function in the shttpd file obtains fields from the front-end, concatenates them with the snprintf function, and passes the result to the CsteSystem function, resulting in a command execution vulnerability.

  • CVE-2023-43455 · Dec 1, 2023
    risk 0.00 · cvss · epss 0.02

    An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the command parameter of the setting/setTracerouteCfg component.

  • CVE-2023-48801 · Dec 1, 2023
    risk 0.00 · cvss · epss 0.02

    In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the sub_415534 function in the shttpd file obtains fields from the front-end, concatenates them with the snprintf function, and passes the result to the CsteSystem function, resulting in a command execution vulnerability.

  • CVE-2023-43454 · Dec 1, 2023
    risk 0.00 · cvss · epss 0.02

    An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component.

  • CVE-2023-43453 · Dec 1, 2023
    risk 0.00 · cvss · epss 0.02

    An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component.

  • CVE-2023-48804 · Nov 30, 2023
    risk 0.00 · cvss · epss 0.02

    In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; when these are passed to the CsteSystem function, a command execution vulnerability results.

  • CVE-2023-48803 · Nov 30, 2023
    risk 0.00 · cvss · epss 0.02

    In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; when these are passed to the CsteSystem function, a command execution vulnerability results.

  • CVE-2023-48808 · Nov 30, 2023
    risk 0.00 · cvss · epss 0.02

    In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; when these are passed to the CsteSystem function, a command execution vulnerability results.

  • CVE-2023-48802 · Nov 30, 2023
    risk 0.00 · cvss · epss 0.02

    In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; when these are passed to the CsteSystem function, a command execution vulnerability results.

  • CVE-2023-48807 · Nov 30, 2023
    risk 0.00 · cvss · epss 0.02

    In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; when these are passed to the CsteSystem function, a command execution vulnerability results.

  • CVE-2023-48806 · Nov 30, 2023
    risk 0.00 · cvss · epss 0.02

    In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; when these are passed to the CsteSystem function, a command execution vulnerability results.

  • CVE-2023-48805 · Nov 30, 2023
    risk 0.00 · cvss · epss 0.02

    In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; when these are passed to the CsteSystem function, a command execution vulnerability results.

  • CVE-2023-48810 · Nov 30, 2023
    risk 0.00 · cvss · epss 0.02

    In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; when these are passed to the CsteSystem function, a command execution vulnerability results.

  • CVE-2023-48812 · Nov 30, 2023
    risk 0.00 · cvss · epss 0.02

    In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; when these are passed to the CsteSystem function, a command execution vulnerability results.

  • CVE-2023-48811 · Nov 30, 2023
    risk 0.00 · cvss · epss 0.02

    In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; when these are passed to the CsteSystem function, a command execution vulnerability results.

  • CVE-2023-48192 · Nov 20, 2023
    risk 0.00 · cvss · epss 0.00

    An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function.

  • CVE-2023-46992 · Oct 31, 2023
    risk 0.00 · cvss · epss 0.01

    TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset several critical passwords without authentication by visiting specific pages.

  • CVE-2023-46485 · Oct 31, 2023
    risk 0.00 · cvss · epss 0.01

    An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the cstecgi.cgi component.